DEV.co
Open-Source Security · qiwentaidi

Slack

Slack is a desktop security toolkit (written in Go with Wails UI) that integrates web scanning, directory enumeration, company intelligence, and space search capabilities. It bundles 8,500+ fingerprints, 3,400+ POCs, and integrates Nuclei v3 for vulnerability scanning.

Source: GitHub — github.com/qiwentaidi/Slack
1.1k
GitHub stars
142
Forks
Go
Primary language
MIT
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
Repositoryqiwentaidi/Slack
Ownerqiwentaidi
Primary languageGo
LicenseMIT — OSI-approved
Stars1.1k
Forks142
Open issues5
Latest releasev2.2.9 (2026-03-20)
Last updated2026-04-29
Sourcehttps://github.com/qiwentaidi/Slack

What Slack is

Go-based desktop application using Wails v2.11.0 framework. Includes Nuclei v3 integration for POC execution, supports directory scanning (dirsearch/supersearchplus compatible), database sampling with regex pattern matching (ID/phone/API credentials), and encryption/decryption via embedded CyberChef. Interfaces with FOFA, Hunter, and Quake threat intelligence platforms.

Quickstart

Get the Slack source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/qiwentaidi/Slack.gitcd Slack# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

Red team reconnaissance and surface mapping

Aggregates company data collection (IP/domain discovery), space search across threat intel platforms, and web scanning with embedded fingerprint DB—streamlines pre-engagement recon.

Authorized security assessments and pen-testing

POC-based vulnerability scanning via Nuclei, directory enumeration, and automated database sampling for sensitive data validation during authorized engagements.

Security operations data processing

Built-in tools for parsing Fscan output, IP extraction, deduplication, and password decryption; designed to reduce manual data handling in daily security workflows.

Implementation considerations

  • V2 version is no longer maintained (V3 Hephaestus-Desktop and web version available separately); verify migration path and feature parity before adoption.
  • Requires local Wails environment setup and Go toolchain for builds; pre-compiled binaries available but validate against your distribution/security requirements.
  • Threat intel integrations (FOFA, Hunter, Quake) require API credentials; cost and rate-limiting of these external services not detailed.
  • POC library (3,400+) and fingerprints (8,500+) embedded; no mention of automated update cadence or versioning strategy post-release.
  • Desktop-only deployment model; no headless/CLI-only option mentioned for integration into automated CI/CD scanning pipelines.

When to avoid it — and what to weigh

  • Unauthorized or gray-area target scanning — Project explicitly disclaims non-authorized use. Legal liability and tool functionality assume lawful authorization; use outside authorized scope violates stated terms.
  • Production vulnerability management at scale — Single-user desktop tool; no centralized reporting, team collaboration, or multi-tenant support. Not designed for enterprise SaaS or large fleet deployments.
  • Active exploitation required — All POCs are stated as theoretical detection only—no actual exploit execution. If true exploitation and payload delivery are needed, alternative tools are required.
  • Cross-platform distribution or SaaS offering — V2 is archived per README; V3 and web versions exist separately. Desktop app is Windows/Mac/Linux compatible but requires desktop deployment and local operation.

License & commercial use

MIT License (OSI-approved, permissive). No copyleft restrictions; derivative works allowed. Includes typical MIT disclaimers (no warranty, liability).

MIT permits commercial use without explicit permission. However, project includes strong legal disclaimer: tool is authorized only for lawful security testing with proper authorization. Any commercial offering or service using Slack must ensure compliance with local laws and customer authorization requirements. Recommend legal review before reselling or integrating into commercial services.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceStale
DocumentationAdequate
License clarityClear
Deployment complexityLow
DEV.co fitPossible
Assessment confidenceHigh
Security considerations

Project is an assessment tool, not a vulnerable target. Key points: (1) POCs stated as detection-only, no actual exploitation code; (2) tool interacts with external APIs (FOFA, Hunter, Quake)—credential storage and transmission practice unknown; (3) database sampling includes sensitive data pattern matching (IDs, credentials)—ensure data handling aligns with privacy regulations; (4) desktop app runs with user privileges; (5) no security audit or CVE history evident in provided data. Validate credential handling and data exfiltration controls before use with sensitive targets.

Alternatives to consider

Burp Suite Community / Pro + Nuclei CLI

Industry-standard web scanner with robust community and commercial support; Nuclei CLI for POC-driven scanning; better documentation and team collaboration.

Hephaestus (V3 / web version)

Direct successor to Slack V2; maintained and feature-parity expected; same author, no migration friction.

OWASP ZAP + Metasploit Framework

Open-source, widely supported ecosystem; active exploitation capability; broader integration and team collaboration; larger community.

Software development agency

Build on Slack with DEV.co software developers

Slack V2 is archived; consider migration to V3 (Hephaestus). Need a custom assessment toolkit, team collaboration, or automated scanning pipeline? Devco can help you architect, extend, or build a supported security platform.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

Related on DEV.co

Explore the category and the services that help you build with it.

Slack FAQ

Is V2 still being updated?
No. README explicitly states V2 is no longer maintained. V3 (Hephaestus-Desktop) and a web version are the active projects.
Can I use POCs to actually exploit vulnerabilities?
No. POCs are explicitly stated as theoretical detection only—they do not execute real exploits or attack payloads.
Does Slack run on Windows, Mac, and Linux?
Yes. Wails v2.11.0 supports cross-platform desktop deployment. Pre-built binaries are available; source builds supported via Go toolchain.
What happens if I scan targets without authorization?
Project includes explicit legal disclaimer: user assumes all liability for unauthorized access or scanning. Tool developers will not accept legal responsibility.

Software development & web development with DEV.co

Adopting Slack is usually one piece of a larger software development effort. As a software development agency, DEV.co provides software development services and web development expertise — pairing senior software developers and web developers with your team to design, build, and operate open-source security software in production.

Evaluate Slack for Your Authorized Security Program

Slack V2 is archived; consider migration to V3 (Hephaestus). Need a custom assessment toolkit, team collaboration, or automated scanning pipeline? Devco can help you architect, extend, or build a supported security platform.